Knowledge Base

What's the recommended way to handle secrets creation? IAC or manually?

View full discussion in GitHub

Answer

Hey everyone! Does gruntworks have an official recommendation for how to handle secrets creation in AWS? We understand that, due to the nature of secrets, it might not be feasible to use IAC for this. Should secrets be one of the few things we create manually?

Currently we recommend managing and creating secrets in AWS Secrets Manager using either the `aws` CLI, or the web console. This is the safest way to ensure that the secrets won't leak in an unexpected location, such as the terraform state file, or your local code. Credit for answering this question goes to @yorinasub17.